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What Is ЕхСор? 


* A free-for-download, stand-alone code, analysis topl that 
examines managed assemblies for design and code 
correctness issues 


- A console and graphical application that manages 
analysis targets, rule sets, and messages 


* Goals 


. ea adoption of Microsoft® „МЕТ Design 
Guidelines 


* Transfer expert knowledge regarding technical issues 
and potential ^gotchya"s 


* Establish best practices that minimize code defects 
and maintenance cost 
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How Does It Work? 


What Сап ЕхСор Rules Do? 


* Access all managed metadata 

- Examine IL method bodies 

« Walk assembly call graphs 

- Determine some argument values for call sites 

* Use the spelling checker (if Microsoft Office is installed) 


Types of FxCop Rules 


* COM Interop Rules: Detect COM interop issues 

« Design Rules: Detect potential design flaws 

+ Globalization Rules: Detect missing or incorrect usage of 
information related to globalization and localization 

a Naming Rules: Regard casing, keyword collisions, and 
other issues around public members 


„ Performance Rules: Detect patterns that will affect or 
degrade performance 


= Usage Rules: Detect potential flaws in the way you use Fx 
or NET APIs, 


» Security Rules: Detect programming elements in your 
assemblies that leave your assemblies vulnerable to 
malicious users or code (this is where we'll spend our time 
for the rest of the presentation) 

» Custom Rules: Your own FxCop rules 


A 
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ЕхСор COM Rules 
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ЕхСор Design Rules 
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ЕхСор Globalization Rules 


+ Rules that support world-ready libraries and applications 


B AŠ void SaveToXml(double version) 


if (version < 1,0) throw new 
ArgumentException(“Unsupported version: ^ + 
version. ToString()); R 


СЕ = new XmlWriter( 
“C:\program files \MyApp\config.xml”); 


writer WriteElementString(“Version”, 
version.ToString()): 


: % 
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ЕхСор Naming Rules 


» Rules that support the naming conventions From the NET Design 
Guidelines 


+ Examples: 
Public class MyError : Exception 
{ 
} 


Public class narging_demo 


publi string nameTolD(string Name) 


UNS Ss 


} 
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FxCop Performance Rules 


~ Rules that support improved performance 
+ Examples: 
Public string PretttyPrintNumbers(int[] list) 
{ 

string output == **; 

Forint i = 0; i = list. Length; i++) 
if (output 2 eras for] 
output += list[i].ToStringQ); 

пок needed anymore 

Jf retum PrattyPrintHelperfout put); 

return outputs 

) шф 


Private string PrettyPrintHelper(string input) { ... } 
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ЕхСор Security Rules 


« Examples of security rules: 
[PermissionSet (SecurityAction.LinkDemand, Name="FullTrust")] 
Public class SecurityInfo 
1 = чо 
public readonly byte[] Key = GenerateKey(); 
} 
Public struct О angerousInformation 
1 
n. о, (SecurityAction Demand, Name="FullTrust")] 
public DangerousInform ation(string owner) 
15 
} 
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ЕхСор Usage Rules 
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New Capabilities in 1.30 
. Better Microsoft Visual Studio® Side-by-Side 
Experience 
. Resolved Missing Dependencies 
+ Analysis of Any Version of an Assembly 
. Ul Improvements 
+ Analysis Improvements 
+ New Rules d 
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Integrating FxCop into Your Development 
Process 


+ Using Ёхсорста and XML files 
+ Integrating into your development process 
• Use command-line and baseline everything 


+ Run as checkin system and start catching new 
violations, fix, then address baseline 


« You should fix all Design Rule fixes—and focus 
on consistency 
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Creating Custom Rules 


The Future: 
Visual Studio Team System 


* FxCop built directly into Visual Studio 

* Superset of stand-alone FxCop rules 

* New integrated environment for all analysis 
Analysis can be enabled as build step 

* Messages, help topics appear in IDE 
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Issues with FxCop—FYI 


+ FxCop is about guidelines not hard and fast rules 
+ False positives 
« Lack of integration with Visual Studio 


+ Maintaining FxCop XML files across developer 
projects 


(Rude) Questions About FxCop 


* Questions 


= Why do Microsoft „МЕТ Framework libraries generate 
violations? 


+ Why does FxCop generate violations? 
* Why not ship FxCop source code? 


+ Will there continue to be a free version of FxCop once 
VSTS ships? 


- Others?..., 


Community Resources 


FxCop оп GotDotNet 
5 Апен со; т 


FxCop Team Weblog 
blogs, Со 5 


CLR Base Class Libra ries { BCL) Team Site 
hit pif (vyne gotdotnėt. com /Зедт / ©\г/ bel/defa ult.aspx 


Brad Abrams" We blog— Design Guidelines 
htt pif f blogs, com brada, 


Rico Mariani's Weblog—. NET Performa noe 


blogs, msdn. cûm f rico т. 
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